The term Advanced Threat Protection (ATP) is on every security vendor’s lips these days.
The core gist, with slightly varied approaches, boils down to one unified solution deployed an entire environment reporting to one console – as opposed to individual endpoints – with analytics and cloud capabilities strewn in. The focus is on wholistically analysing suspicious behaviour and preventing serious breaches.
It’s curious, then, that a smaller vendor by the name of Malwarebytes has a different approach.
Rather than prevention, the security solution provider is looking at an area it claims has been underserved: removing malware once it is present in an environment.
The solution, called the Malwarebytes Breach Remediation platform (MBBR), in theory, does what other advanced threat protection solutions do. It claims to proactively hunt for malware network-wide and remediate incidents through a remote operating console that can be in the cloud.
However, here, the focus is on removal.
According to the San Jose, CA-based company, the solution is built in some ways with partnerships in mind, with security information and event management solutions like Splunk, ArcSight, QRadar, LogRythm and breach detection systems like Mandiant, CrowdStrike, Lastline and many more.
These partner solutions generate what Malwarebytes calls indicators of compromise, send it to MBBR, which then goes and removes all traces of the malware.
“Often people are often not behind a corporate firewall,” Roger Cobb, vice president of worldwide channel sales told CDN. “A lot of times, it’s on a mobile device, out of the office, and a remote employee has to ship their laptop back. We noticed the problem wasn’t necessarily infections but rather removal and downtime.”
With MBBR, IT doesn’t need to reimage the machine, Cobb said.
He explained that unlike other solutions which can’t chain together pieces of the malware for guaranteed removal, Malwarebytes has had researchers spend thousands of hours reverse engineering malware to examine artifacts and how it spreads through the system.
With the solution comes a push for better partner enablement.
The company will be rolling out a new partner portal as well as training programs to make it easier for partners of any size, but especially “mom and pop shops” who may lack the procurement mechanisms to resell the solution rather than go through distribution.
“It’s a very complimentary approach,” Cobb said.
